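Source: linux时代
An important kernel security vulnerability has been discovered, and a kernel patch for RHEL5 has now been released. The vulnerability allows actions by an unprivileged user to cause a denial of service.
Both the server and desktop editions of RHEL5 are affected, on almost all architectures, such as i386, x86_64, PPC and IBM s390x.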
An important kernel security and bug fix update was released for Red Hat Enterprise Linux 5, repairing some issues that could allow an unprivileged user to cause a denial of service.
Red Hat Enterprise Linux 5 (both Desktop and Server editions) was affected by these issues. Almost all architectures could have had problems because of this security hole, including i386, x86_64, PPC, s390x and a few others.
Testing of the Linux kernel process-trace ability on AMD64 architectures revealed a possible kernel crash that could allow a local unprivileged user to cause a denial of service.
Due to improper handling of fragmented ESP packets, a possible kernel crash was discovered in the Linux kernel IPsec protocol implementation. If these packets were fragmented into very small chunks, a kernel crash might have occurred during packet reassembly on the receiving node.
A denial of service could have been caused on 64-bit architectures if a local unprivileged user set up a large interval value for hrtimer, forcing the timer expiry value to become negative.
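The hrtimer failure mode described above, as an added example that is not code from the kernel or from the advisory: a signed 64-bit nanosecond expiry computed as now plus a user-supplied interval wraps negative, while a checked version rejects negative input and clamps at the maximum. The names `ns_t`, `expiry_unchecked` and `expiry_checked` are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for a kernel time value: signed 64-bit nanoseconds. */
typedef int64_t ns_t;
#define NS_MAX INT64_MAX

/* Unchecked expiry: now + interval. The sum is done in unsigned arithmetic so
 * the wraparound is well defined; converting back to int64_t yields a negative
 * value on the usual two's-complement compilers (gcc, clang). */
static ns_t expiry_unchecked(ns_t now, ns_t interval)
{
    return (ns_t)((uint64_t)now + (uint64_t)interval);
}

/* Checked expiry: refuse negative inputs and saturate instead of wrapping.
 * Returns 0 on success, -1 if the caller supplied an invalid value. */
static int expiry_checked(ns_t now, ns_t interval, ns_t *out)
{
    if (now < 0 || interval < 0)
        return -1;
    if (interval > NS_MAX - now)
        *out = NS_MAX;          /* clamp: the timer is just far in the future */
    else
        *out = now + interval;
    return 0;
}

int main(void)
{
    ns_t now = 1000000000LL;    /* constructed sample: 1 s since boot */
    ns_t huge = INT64_MAX;      /* constructed sample: oversized interval */
    ns_t safe;

    printf("unchecked expiry: %lld\n", (long long)expiry_unchecked(now, huge));
    if (expiry_checked(now, huge, &safe) == 0)
        printf("checked expiry:   %lld\n", (long long)safe);
    return 0;
}
```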
Another problem that could cause a denial of service was found in the Linux kernel PWC USB video driver. A normal user could bring the kernel USB subsystem into busy-waiting mode and cause a DoS.
The updated packages will resolve some other issues as well, like the continual "softlockup" messages that kept occurring on the guest's console after successfully saving and restoring a Red Hat Enterprise Linux 5 para-virtualized guest. Sometimes, a kernel hang and panic occurred when the cpufreq daemon was disabled. Because of this, some system reboots did not complete successfully.
If you intend to apply the updated packages (and this is the advisable thing to do), first make sure that you've installed all the previously released updates.